Skip to content

Expose auth policy resolution utilities for framework integrations#1512

Merged
fjtirado merged 7 commits into
serverlessworkflow:mainfrom
mcruzdev:issue-1511
Jul 2, 2026
Merged

Expose auth policy resolution utilities for framework integrations#1512
fjtirado merged 7 commits into
serverlessworkflow:mainfrom
mcruzdev:issue-1511

Conversation

@mcruzdev

@mcruzdev mcruzdev commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Many thanks for submitting your Pull Request ❤️!

What this PR does / why we need it:

Special notes for reviewers:

Additional information (if needed):

Closes #1511

mcruzdev added 2 commits July 1, 2026 20:26
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
@mcruzdev mcruzdev requested a review from fjtirado as a code owner July 1, 2026 23:43
Copilot AI review requested due to automatic review settings July 1, 2026 23:43

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR exposes small, reusable auth-policy utilities to support framework integrations (per #1511), by extracting policy resolution and OAuth2/OIDC unwrapping logic from DefaultAuthProviderFactory into public, stateless helpers.

Changes:

  • Added DefaultAuthProviderFactory.resolvePolicy(Workflow, ReferenceableAuthenticationPolicy) to resolve inline vs referenced auth policies.
  • Introduced public OAuthPolicyData record with from(AuthenticationPolicyUnion) to normalize OAuth2 vs OIDC extraction.
  • Refactored OAuth provider construction to use OAuthPolicyData, and added focused unit tests for both helpers.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java Adds resolvePolicy and refactors auth provider creation to use OAuthPolicyData.
impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java New public record providing a single extraction path for OAuth2/OIDC policy data.
impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java Switches constructor input from policy type to OAuthPolicyData.
impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java Switches constructor input from policy type to OAuthPolicyData.
impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java Adds tests covering inline vs reference resolution and null cases.
impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthPolicyDataTest.java Adds tests covering OAuth2/OIDC extraction (inline vs secret) and non-OAuth inputs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

mcruzdev added 2 commits July 1, 2026 21:28
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Copilot AI review requested due to automatic review settings July 2, 2026 00:36

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

@fjtirado fjtirado left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mcruzdev Lets move all utility methods to a new class OauthUtils. So basically remove the new class OauthPolicyData to OAuthUtils, and move the resolvePolicty method to there

Comment on lines +49 to +50
if (oidc != null && oidc.getOidc() != null) {
OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc();

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that one of the benefits of using multipe return for this method is that it allow to write thing like this

Suggested change
if (oidc != null && oidc.getOidc() != null) {
OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc();
if (oidc != null) {
OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc();
if (config != null) {
}

Comment thread impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java Outdated

@fjtirado fjtirado left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also a very good one, just usual picky comments ;)

Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Comment on lines +40 to +41
public record OAuthPolicyData(
OAuth2AuthenticationData data, SecretBasedAuthenticationPolicy secret, OAuthScheme scheme) {}

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmmm, I think is better to not declare this as inner record, but in a separate class


private OAuthUtils() {}

public enum OAuthScheme {

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same for this enum, it is bettes to have it in a separate class

return Optional.empty();
}

public static AuthenticationPolicyUnion resolvePolicy(

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not know where this method is used, but should not return Optional.empty rather than null?

  Replace null returns with Optional in OAuthUtils.resolvePolicy to
  align with the existing from() method style, and extract OAuthScheme
  to its own top-level file.

Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
Copilot AI review requested due to automatic review settings July 2, 2026 15:08

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.

Comment thread impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java Outdated
  Move OAuthPolicyData out of OAuthUtils into its own file so integrations
  can reference it directly, and add a static from(AuthenticationPolicyUnion)
  convenience factory that delegates to OAuthUtils.from().

Signed-off-by: Matheus Cruz <matheuscruz.dev@gmail.com>
@fjtirado fjtirado merged commit ec993ef into serverlessworkflow:main Jul 2, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Expose reference resolution in DefaultAuthProviderFactory as a public static method

3 participants